[dns-operations] Statement: Issues using BIND 9.4 & 9.5 with DLV and certain DNSSEC-signed zones
Chris Thompson
cet1 at cam.ac.uk
Fri Apr 24 18:10:30 UTC 2009
On Apr 22 2009, Florian Weimer wrote:
>* Michael Graff:
[...]
>> How many more weeks do you think we should delay re-adding .gov to
>> dlv.isc.org? And what, specifically, do you suggest be the all-clear
>> trigger?
>
>A working signed delegation for nist.gov (or any other child zone).
We can tell that there *are* signed delegations from gov, even if we
don't know what they are. "Working" is, I suppose, more difficult to
judge.
I collected a sample of 1271 NSEC3 records from the gov zone by random
probing. (I guesstimate that I have very roughly half of them.) Of these
10 indicated the existence of a DS record, e.g.
5066E5JAKAO44M42VQK68BTJBEVGFFK9.gov. 10800 IN NSEC3 (
1 0 10 ABAB 50JLCITE3VVN0BUAUC0G5RJVO62P7DVU NS DS RRSIG )
--
Chris Thompson University of Cambridge Computing Service,
Email: cet1 at ucs.cam.ac.uk New Museums Site, Cambridge CB2 3QH,
Phone: +44 1223 334715 United Kingdom.
More information about the dns-operations
mailing list